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A MF.NDMKNTS TO THE CLAIMS 

This listing of claims will replace all prior versions and listings of claims in the 

application: 

LISTING OF CLAIMS: 

1 . (Currently Amended) A storage apparatus, comprising: 

a processor; 
a memory; 

at least one storage device operable to provide stora ge resources for storing user data 
accessible over a network [[by]] to at least one network entity and comprising at least one virtual 
volume : 

a storage controller, coupled to the at least oxie storage device; 

a network interface connectable to the virtual local area network (VLAN) switch; 

wherein the processor is at least intermittently coupled to the memory, the storage 
controller and the network interface; 

wherein the memory comprises configuration information including a correspondence 
between at least one segment of a virtual local area network (VLAN) connectable by the network 
interface and the at least one virtual volume of the at least one storage device; 

wherein the processor, the memory, the storage controller and the network interface are 
operable to control the virtual local area network (VLAN) switch to map the at least one segment 
to the at least one virtual volume based upon the configuration information; and 
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wherein at least one of the processor or the network interface control access to the at least 
one virtual volume based upon the configuration information such that a specific network entity 
associated with a specific segment of th e virtual local area network (VLAN) is allowed to access 
only a specific virtual volume associated with the spe cific segment of the virtual local area 
network (VLANL 

2. {Original) The apparatus of claim 1, 

further comprising an out of band management interface connectable to a second 
network. 

3. (Original) The apparatus of claim 1, 

wherein the network interface connectable to a virtual local area network (VLAN) switch 
comprises an interface to a VLAN trunk line. 

4. (Original) The apparatus of claim 3, 

wherein information carried by the VLAN trunk line is identified using an embedded tag. 

5. (Previously Presented) The apparatus of claim 1 , 

wherein the network interface connectable to a virtual local area network (VLAN) switch 
comprises an interface to a VLAN switch, the VLAN switch connective to at least one host 
computer via at least one VLAN access link. 

6. (Previously Presented) The apparatus of claim 5, 
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wherein information carried by the at least one VLAN access link comprises untagged 

frames. 

7. (Previously Presented) The apparatus of claim 6, 

wherein information carried by the at least one VLAN access link is identified using a 
VLAN Identifier of a receiving port. 

8. (Previously Presented) The apparatus of claim 6, 

wherein information carried by the at least one VLAN access link is identified using a 
Media Access Control (MAC) address. 

9. (Original) The apparatus of claim 6, 
wherein an untagged frame comprises: 

a preamble field; 
a source MAC field; 
a destination MAC field; 
a type field; 
a data field; and 
a CRC field. 

10. {Currently Amended) A method, comprising: 

separating logically a local area network into a plurality of virtual local area networks, 
including a first virtual local area network and a second virtual local area network; 
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separating logically a storage device operable to p ro v i de s tor a ge resources for storing 
user data aeeessMe over the local area network [[by]] to at least one network entity into a 
plurality of virtual volumes, including a first virtual volume and a second virtual volume; 

managing a configuration comprising a mapping of the first virtual local area network to 
the first virtual volume and the second virtual local area network to the second virtual volume; 
and 

routing information from the first virtual local area network to the first virtual volume 
and the second virtual local area network to the second virtual volume and preventing 
communication from the first virtual local area network to the second virtual volume and from 
the second virtual local area network to the first virtual volume based upon the configuration; 

wherein the managing, routing and preventing is performed by the storage device. 

1 1 . {Original) The method of claim 10, 
further comprising at least one of: 

configuring network parameters; 
configuring a new file system; 
configuring a designated file system; and 
deleting a designated file system- 

12. (Original The method of claim 10, 
further comprising at least one of: 

updating a management interface IP address; 
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updating a physical network interface IP address; 
updating a VLAN interface IP address and a VLAN tag; 
deleting a designated VLAN interface; and 
adding a new VLAN interface. 

13. (Original) The method of claim 10, 
further comprising at least one of: 

adding a VLAN to a file system; 
removing a VLAN from the file system; 
adding a volume to the file system; and 
removing a volume from the file system. 

14. (Original) The method of claim 10, 
further comprising: 

authenticating user authority. 

1 5 . (Currently Amended) A computer program product embodied in a computer- 
readable medium, comprising: 

code for sending and receiving tagged frames to and from a network interface; 
code for managing a file system and providing storage r esources for storing user data 
ae ccasible over a network [[by]] toat least one network entity; 

code for managing a virtual volume within the file system; 
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code for controlling data transfer between the network interface and a storage controller 
of the file system; 

code for managing a configuration comprising a mapping of the virtual volume to a 
virtual local area networ k segment : 

code for routing information from the virtual local area networks§gmsni to the virtual 
volume in the file system and preventing communication from at least one other virtual local 
area network segment t o the virtual volume based upon a configuration; and 

a computer readable storage medium for holding the codes, wherein the managing of the 
configuration, routing and preventing are performed by a storage device hosting the file system. 

1 6. (Currently Amended) The computer program product of claim 1 5 , 
further comprising at least one of: 

code for receiving configuration information for the file system; 

code for receiving configuration information for the virtual volume; and 

code for receiving configuration information for the virtual local area network 

segment 

17. (Currently Amended) The computer program product of claim 16, 
further comprising at least one of: 

code for updating configuration information for the file system; 

code for updating configuration information for the virtual volume; and 
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code for updating configuration information for the virtual local area network 

segment . 

1 8 . (Currently Amended) A network storage apparatus, comprising: 
a means for processing information; 

a means for connecting to a virtual local area network (VLAN) switch; 

wherein the means for processing and the means for connecting to a virtual local area 
network (VLAN) switch are correctable to a storage device operable to provide storage 
resources for stnrinp user data a eeess&k over a network to_[ [by]] at least one network entity 
having at least one virtual volume mapped to at least one segment of a virtual local area network 
(VLAN) based upon configuration information managed by the processingmeans, thereby 
preventing communication between another segment of another VLAN and the at least one 
virtual volume. 

19. (Currently Amended) A storage apparatus, comprising: 
a means for processing information; 

a means for storing data operable to provide storage resour ces for storing user data 
provided accessible over a network [[by]] to, at least one network entity; 
a means for controlling storing of data; 

■ a means for connecting to a virtual local area network (VLAN) switch; 
wherein the means for processing, the means for controlling storing of information and 
the means for connecting to a virtual local area network (VLAN) switch map at least one 
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segment of a virtual local area network (VLAN) to at least one virtual volume of the means for 
Storing data based upon configuration information and prevent communication between another 
segment of another VLAN and the at least one virtual volume. 

20. (Currently Amended) A system, comprising: 

a storage device operable to provide storage resources for storing user d ata overa 
network to at least one network entity ; 

a virtual local area network (VLAN) switch, coupled to the storage device s uch that t he 
storage d e vice - io aoooaoiblc>ovcr a network by at leapt on e n e twork entity ; and 

at least one segment coupled to the virtual local area network (VLAN) switch via at least 

one virtual local area network; 

wherein the storage device is operable to map the at least one segment of the at least one 
virtual local area network to at least one virtual volume of the storage device based upon 
configuration information, and is operable to prevent another segment of another VLAN from 
communicating with the at least one virtual volume of the storage device. 

21. (Currently Amended) A method of controlling accesses from servers to a 
network storage subsystem, wherein the network storage subsystem is connected to a virtual 
local area network (VLAN) switch via a VLAN switch and receives access requests from the 
servers via the VLAN switch, the method comprising the steps of: 

allocating a dedicated storage resource for storing u ser data provided aeeess&te over a 
network [[by]] to at least one network entity to each VLAN segment, 
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receiving a Internet Protocol (IP) packet based access from a server, 
determining aVLAN segment that the server belongs to, based on a VLAN identification 
in the IP packet, and 

peraiitting the server to access the dedicated storage resource allocated to the VLAN 
segment that the server belongs to, and preventing another server that does not belong to the 
VLAN segment from accessing the dedicated storage resource based on configuration 
information managed by the network storage subsystem, 

wherein the determining, permitting and preventing are performed by the network storage 

subsystem. 

22. (Currently Amended) A method, comprising: 
separating a virtual LAN into a plurality of segments; 

managing a mapping of each one of the plurality of segments to a storage device operable 
to provide stn ra pe resources for storing user data aocooaiblc over a network [[by]] to at least one 
network entity; 

assigning at least one virtual volume to each one of the plurality of segments; and 
controlling access to a virtual volume, such that the virtual volume will communicate 

only with a segment to which it is assigned; wherein the managing and controlling is performed 

by the storage device. 
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